Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2018-1694

Disclosure Date: November 06, 2018 •

CVE-2018-1694

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Quality Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Rhapsody Design Manager 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational Software Architect Design Manager 5.0 through 5.02 and 6.0 through 6.0.1, IBM Rational Team Concert 5.0 through 5.02 and 6.0 through 6.0.6) could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 145609.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

Rational Team Concert 5.0

Rational Team Concert 6.0

Rational Team Concert 6.0.1

Rational Team Concert 6.0.2

Rational Team Concert 6.0.3

Rational Team Concert 6.0.4

Rational Team Concert 6.0.5

Rational Team Concert 6.0.6

Rational Team Concert 5.01

Rational Team Concert 5.02

Rational Software Architect Design Manager 5.0

Rational Software Architect Design Manager 6.0

Rational Software Architect Design Manager 6.0.1

Rational Software Architect Design Manager 5.01

Rational Software Architect Design Manager 5.02

Rational DOORS Next Generation 5.0

Rational DOORS Next Generation 6.0

Rational DOORS Next Generation 6.0.1

Rational DOORS Next Generation 6.0.2

Rational DOORS Next Generation 6.0.3

Rational DOORS Next Generation 6.0.4

Rational DOORS Next Generation 6.0.5

Rational DOORS Next Generation 6.0.6

Rational DOORS Next Generation 5.01

Rational DOORS Next Generation 5.02

Rational Collaborative Lifecycle Management 5.0

Rational Collaborative Lifecycle Management 6.0

Rational Collaborative Lifecycle Management 6.0.1

Rational Collaborative Lifecycle Management 6.0.2

Rational Collaborative Lifecycle Management 6.0.3

Rational Collaborative Lifecycle Management 6.0.4

Rational Collaborative Lifecycle Management 6.0.5

Rational Collaborative Lifecycle Management 6.0.6

Rational Collaborative Lifecycle Management 5.01

Rational Collaborative Lifecycle Management 5.02

Rational Rhapsody Design Manager 5.0

Rational Rhapsody Design Manager 6.0

Rational Rhapsody Design Manager 6.0.1

Rational Rhapsody Design Manager 6.0.2

Rational Rhapsody Design Manager 6.0.3

Rational Rhapsody Design Manager 6.0.4

Rational Rhapsody Design Manager 6.0.5

Rational Rhapsody Design Manager 6.0.6

Rational Rhapsody Design Manager 5.01

Rational Rhapsody Design Manager 5.02

Rational Quality Manager 5.0

Rational Quality Manager 6.0

Rational Quality Manager 6.0.1

Rational Quality Manager 6.0.2

Rational Quality Manager 6.0.3

Rational Quality Manager 6.0.4

Rational Quality Manager 6.0.5

Rational Quality Manager 6.0.6

Rational Quality Manager 5.01

Rational Quality Manager 5.02

Rational Engineering Lifecycle Manager 5.0

Rational Engineering Lifecycle Manager 6.0

Rational Engineering Lifecycle Manager 6.0.1

Rational Engineering Lifecycle Manager 6.0.2

Rational Engineering Lifecycle Manager 6.0.3

Rational Engineering Lifecycle Manager 6.0.4

Rational Engineering Lifecycle Manager 6.0.5

Rational Engineering Lifecycle Manager 6.0.6

Rational Engineering Lifecycle Manager 5.01

Rational Engineering Lifecycle Manager 5.02

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

Products

References

Canonical

CVE-2018-1694 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1694)

Advisory

XF-ibm-jazz-cve20181694-info-disc(145609) (https://exchange.xforce.ibmcloud.com/vulnerabilities/145609)

http://www.ibm.com/support/docview.wss?uid=ibm10738301

Rapid7

Unknown

CVE-2018-1694

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2018-1694

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Unknown

CVE-2018-1694

Unknown

Unknown

Unknown

Unknown

Unknown

CVE-2018-1694

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Advisory

Additional Info

Technical Analysis

Quick Cookie Notification